File Deletion Vulnerability in Pillow before 9.0.1 due to Mishandling of Spaces in Temporary Pathnames

File Deletion Vulnerability in Pillow before 9.0.1 due to Mishandling of Spaces in Temporary Pathnames

CVE-2022-24303 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

Learn more about our Web Application Penetration Testing UK.